How to remove trojan Lzio?
-
My wife's computer has been infected with some really pernicious spyware that I need help removing. I have run the newest versions of Spy Sweeper, AdAware, Spybot S & D and Aluria Spy Eliminator. Every time I reboot the trojan Lzio and Searchfast are reinstalled and the computer starts accessing the internet and seems to download other spyware. If I keep it disconnected from the internet I am able to eliminate everything except these two. They are identified by Spy Sweeper, but not by Spybot S & D. Spybot finds something called DSO exploit, but can't eliminate it. I have also run all Windows critical updates and have current Norton antivirus running.
Please HELP: this has ruined her computer.
Following is her Hijack This log:
Logfile of HijackThis v1.98.2
Scan saved at 9:52:00 PM, on 8/24/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Hijack This\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Ingenix Tools - {51819320-5B57-49FE-BEB5-B498CBBA1097} - H:\Ingenix\EncoderPro\IngenixBand.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - H:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [x95Ue5O] sccedia.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PaperPort PTD] H:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [nssysconf] H:\WINDOWS\sbbjkky.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NeroCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] H:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [llvwyvqu] H:\WINDOWS\System32\qghevlx.exe
O4 - HKLM\..\Run: [LANServer] H:\Program Files\Microtek\ScanWizard 5\LANServer.exe
O4 - HKLM\..\Run: [iPodManager] H:\Program Files\iPod\bin\iPodManager.exe
O4 - HKLM\..\Run: [IndexSearch] H:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [InCD] H:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ccRegVfy] "H:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "H:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [000hpdllhost] H:\WINDOWS\System32\hpdllhost.exe
O4 - HKCU\..\Run: [SpySweeper] "H:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /1
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [g3q24Tt25] msvmsnsv.exe
O4 - Startup: ASE Scheduler.lnk = H:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
O4 - Startup: HotSync Manager.lnk = H:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: AdSubtract.lnk = H:\Program Files\AdSubtract\adsub.exe
O4 - Global Startup: Dataviz Messenger.lnk = H:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = H:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = H:\QUICKENW\bagent.exe
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: &Google Search - res://H:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://H:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://H:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://H:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://H:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: H:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTS...etaStream3.cab
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (eAssist NetAgent Customer ActiveX Control version 3) - https://quicken.ehosts.net/netagent/.../custappx3.CAB
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://nrepf01.tenethealth.com/msrdp.cab
Last edited by owen; 25-08-2004 at 10:45 PM.
-
Well done on the critical updates. XP SP2 already installed, I'm impressed.
Close all browser windows, restart Hijack This and put a checkmark next to the following entries:
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [x95Ue5O] sccedia.exe
O4 - HKLM\..\Run: [nssysconf] H:\WINDOWS\sbbjkky.exe
O4 - HKLM\..\Run: [llvwyvqu] H:\WINDOWS\System32\qghevlx.exe
O4 - HKLM\..\Run: [000hpdllhost] H:\WINDOWS\System32\hpdllhost.exe
O4 - HKCU\..\Run: [g3q24Tt25] msvmsnsv.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT...MetaStream3.cab
The following are optional fixes:
O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
Update checker for Sun Java. Not needed, can be run manually
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
System tray access for Quicktime. Not needed and hogs resources
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office\OSA9.EXE
Resource hog that launches common MS Office components to help speed up the launch of Office programs. Some users claim there's no difference with or without it but it isn't required anyway. Different filenames used for different variants
Click Fix Checked
Then boot into Safe Mode and ensure that you are showing Hidden Files and Folders.
Then delete the following files:
H:\WINDOWS\sbbjkky.exe
H:\WINDOWS\System32\qghevlx.exe
H:\WINDOWS\System32\hpdllhost.exe
Then go to Start> Search and search for Files and Folders (remember to search hidden files). Search for and delete the following:
sccedia.exe
msvmsnsv.exe
Then reboot and post a fresh log
-
Thank you, thank you, thank you for your help. It is late and I haven't run the computer much after making the changes, but the first reboot and scan with Spy Sweeper looked clean for the first time.
Following is the new log:
Logfile of HijackThis v1.98.2
Scan saved at 11:08:46 PM, on 8/26/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\System32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
H:\Program Files\HP Web Jetadmin\hpwebjetd.exe
H:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
H:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
H:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
H:\Program Files\HP Web Jetadmin\hpwebjetd.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\fxssvc.exe
H:\WINDOWS\system32\BRMFRSMG.EXE
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Scansoft\PaperPort\pptd40nt.exe
H:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
H:\Program Files\iPod\bin\iPodManager.exe
H:\Program Files\Ahead\InCD\InCD.exe
H:\Program Files\Common Files\Symantec Shared\ccApp.exe
H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\Program Files\TrojanHunter 3.9\THGuard.exe
H:\WINDOWS\hvigefs..exe
H:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
H:\Program Files\AdSubtract\adsub.exe
H:\WINDOWS\DvzCommon\DvzMsgr.exe
H:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
H:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
H:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
H:\Program Files\Palm\HOTSYNC.EXE
H:\Program Files\Hijack This\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=AdSubtract:4444
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {72199D54-346D-6310-652F-CCDB64792475} - H:\WINDOWS\System32\yunahyne\vbixdmxj.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Ingenix Tools - {51819320-5B57-49FE-BEB5-B498CBBA1097} - H:\Ingenix\EncoderPro\IngenixBand.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - H:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PaperPort PTD] H:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NeroCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] H:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LANServer] H:\Program Files\Microtek\ScanWizard 5\LANServer.exe
O4 - HKLM\..\Run: [iPodManager] H:\Program Files\iPod\bin\iPodManager.exe
O4 - HKLM\..\Run: [IndexSearch] H:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [InCD] H:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ccRegVfy] "H:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "H:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [THGuard] "H:\Program Files\TrojanHunter 3.9\THGuard.exe"
O4 - HKLM\..\Run: [hpsysconf1] H:\WINDOWS\hvigefs..exe
O4 - HKCU\..\Run: [SpySweeper] "H:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /1
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: ASE Scheduler.lnk = H:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
O4 - Startup: HotSync Manager.lnk = H:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: AdSubtract.lnk = H:\Program Files\AdSubtract\adsub.exe
O4 - Global Startup: Dataviz Messenger.lnk = H:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = H:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = H:\QUICKENW\bagent.exe
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: &Google Search - res://H:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://H:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://H:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://H:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://H:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: H:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (eAssist NetAgent Customer ActiveX Control version 3) - https://quicken.ehosts.net/netagent/.../custappx3.CAB
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://nrepf01.tenethealth.com/msrdp.cab
-
Hello again,
Close all browser windows, restart Hijack This and put a checkmark next to the following entries:
O2 - BHO: (no name) - {72199D54-346D-6310-652F-CCDB64792475} - H:\WINDOWS\System32\yunahyne\vbixdmxj.dll
O4 - HKLM\..\Run: [hpsysconf1] H:\WINDOWS\hvigefs..exe
O4 - Global Startup: SmartUI.lnk = ?
Click Fix Checked
Then boot into Safe Mode and ensure that you are showing Hidden Files and Folders.
Delete the following file:
H:\WINDOWS\hvigefs..exe
Reboot and post a fresh log
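
Added example, not part of the original thread: comparing two HijackThis scans to surface BHO (O2) and autostart (O4) entries that appeared between them, which is how the regenerated entries in the second log stand out. The function names and the two triage hints are assumptions made for this sketch, and the embedded logs are excerpts of the first two logs posted above.

```python
import re
from typing import NamedTuple

class Entry(NamedTuple):
    section: str  # HijackThis section code: "O2" = BHO, "O4" = autostart
    detail: str   # everything after "<code> - "

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
TARGET_RE = re.compile(r'"?(.+?\.(?:exe|dll|com|bat|scr))', re.I)
WINDIR_RE = re.compile(r"^[a-z]:\\windows\\", re.I)

# Excerpts of the first and second logs posted in this thread.
LOG_BEFORE = r"""
Logfile of HijackThis v1.98.2
H:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [nssysconf] H:\WINDOWS\sbbjkky.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NeroCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "H:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"""
LOG_AFTER = r"""
Logfile of HijackThis v1.98.2
H:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {72199D54-346D-6310-652F-CCDB64792475} - H:\WINDOWS\System32\yunahyne\vbixdmxj.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NeroCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "H:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [THGuard] "H:\Program Files\TrojanHunter 3.9\THGuard.exe"
O4 - HKLM\..\Run: [hpsysconf1] H:\WINDOWS\hvigefs..exe
"""

def parse_log(text):
    """Return the coded entries of a log; header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries

def new_entries(before, after, sections=("O2", "O4")):
    """Entries of the given sections present in `after` but not in `before`."""
    seen = {(e.section, e.detail.lower()) for e in before}
    return [e for e in after
            if e.section in sections and (e.section, e.detail.lower()) not in seen]

def target_path(entry):
    """File that an O2 or O4 entry points at, or None if it names no file."""
    if entry.section == "O2":
        raw = entry.detail.rsplit(" - ", 1)[-1]
    elif entry.section == "O4":
        # Drop "HKLM\..\Run: [value name] " or "Startup: x.lnk = "
        raw = re.sub(r"^[^\[=]*(\[[^\]]*\]|=)\s*", "", entry.detail)
    else:
        return None
    m = TARGET_RE.match(raw)
    return m.group(1) if m else None

def triage_reasons(entry):
    """Hints for an analyst, not verdicts: legitimate entries match them too."""
    path = target_path(entry)
    reasons = []
    if path is None:
        return reasons
    if "\\" not in path:
        reasons.append("bare file name, resolved through the search path")
    elif WINDIR_RE.match(path):
        reasons.append("file under the Windows directory")
    return reasons

if __name__ == "__main__":
    for e in new_entries(parse_log(LOG_BEFORE), parse_log(LOG_AFTER)):
        print(e.section, target_path(e), triage_reasons(e) or "no hint")
```

The hints are applied only to entries that are new since the previous scan because long-standing legitimate entries such as `NeroCheck.exe` and `sstray.exe` match them as well.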
-
When I ran Hijack This again I could not find one entry you instructed me to delete:
O4 - HKLM\..\Run: [hpsysconf1] H:\WINDOWS\hvigefs..exe
I was able to delete the other two and the file as you instructed.
Following is the new Hijack This log:
Logfile of HijackThis v1.98.2
Scan saved at 5:52:49 PM, on 8/27/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\System32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
H:\Program Files\HP Web Jetadmin\hpwebjetd.exe
H:\Program Files\HP Web Jetadmin\hpwebjetd.exe
H:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
H:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
H:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\fxssvc.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Scansoft\PaperPort\pptd40nt.exe
H:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
H:\Program Files\Microtek\ScanWizard 5\LANServer.exe
H:\Program Files\iPod\bin\iPodManager.exe
H:\Program Files\Ahead\InCD\InCD.exe
H:\Program Files\Common Files\Symantec Shared\ccApp.exe
H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
H:\Program Files\TrojanHunter 3.9\THGuard.exe
H:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
H:\Program Files\AdSubtract\adsub.exe
H:\WINDOWS\DvzCommon\DvzMsgr.exe
H:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
H:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
H:\Program Files\Palm\HOTSYNC.EXE
H:\WINDOWS\system32\BRMFRSMG.EXE
H:\Program Files\Microtek\ScanWizard 5\MsgRpr.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Program Files\Hijack This\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=AdSubtract:4444
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Ingenix Tools - {51819320-5B57-49FE-BEB5-B498CBBA1097} - H:\Ingenix\EncoderPro\IngenixBand.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - H:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PaperPort PTD] H:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NeroCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] H:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LANServer] H:\Program Files\Microtek\ScanWizard 5\LANServer.exe
O4 - HKLM\..\Run: [iPodManager] H:\Program Files\iPod\bin\iPodManager.exe
O4 - HKLM\..\Run: [IndexSearch] H:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [InCD] H:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ccRegVfy] "H:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "H:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [THGuard] "H:\Program Files\TrojanHunter 3.9\THGuard.exe"
O4 - HKCU\..\Run: [SpySweeper] "H:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /1
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: ASE Scheduler.lnk = H:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
O4 - Startup: HotSync Manager.lnk = H:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: AdSubtract.lnk = H:\Program Files\AdSubtract\adsub.exe
O4 - Global Startup: Dataviz Messenger.lnk = H:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = H:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = H:\QUICKENW\bagent.exe
O8 - Extra context menu item: &Google Search - res://h:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://h:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://h:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://h:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://h:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: H:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (eAssist NetAgent Customer ActiveX Control version 3) - https://quicken.ehosts.net/netagent/.../custappx3.CAB
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://nrepf01.tenethealth.com/msrdp.cab
Thank you again. I really appreciate your help!
-
Hi; I thought I had posted this reply yesterday, but I don't see it in the thread. I applied the fixes, except when I ran Hijack This I could not find the following entry:
O4 - HKLM\..\Run: [hpsysconf1] H:\WINDOWS\hvigefs..exe
I was able to find and remove all the others.
Following is a new Hijack This log:
Thanks again! I really appreciate your help.
-
That log is looking much better. How are things running? Sorry about the response time